platform/external/busybox.git - Unnamed repository; edit this file 'description' to name the repository.

1 /* vi: set sw=4 ts=4: */
2 /*
3  * bare bones sendmail
4  *
5  * Copyright (C) 2008 by Vladimir Dronnikov <dronnikov@gmail.com>
6  *
7  * Licensed under GPLv2, see file LICENSE in this source tree.
8  */
9 //config:config SENDMAIL
10 //config:	bool "sendmail"
11 //config:	default y
12 //config:	help
13 //config:	  Barebones sendmail.
14
15 //applet:IF_SENDMAIL(APPLET(sendmail, BB_DIR_USR_SBIN, BB_SUID_DROP))
16
17 //kbuild:lib-$(CONFIG_SENDMAIL) += sendmail.o mail.o
18
19 //usage:#define sendmail_trivial_usage
20 //usage:       "[-tv] [-f SENDER] [-amLOGIN 4<user_pass.txt | -auUSER -apPASS]"
21 //usage:     "\n		[-w SECS] [-H 'PROG ARGS' | -S HOST] [RECIPIENT_EMAIL]..."
22 //usage:#define sendmail_full_usage "\n\n"
23 //usage:       "Read email from stdin and send it\n"
24 //usage:     "\nStandard options:"
25 //usage:     "\n	-t		Read additional recipients from message body"
26 //usage:     "\n	-f SENDER	For use in MAIL FROM:<sender>. Can be empty string"
27 //usage:     "\n			Default: -auUSER, or username of current UID"
28 //usage:     "\n	-o OPTIONS	Various options. -oi implied, others are ignored"
29 //usage:     "\n	-i		-oi synonym, implied and ignored"
30 //usage:     "\n"
31 //usage:     "\nBusybox specific options:"
32 //usage:     "\n	-v		Verbose"
33 //usage:     "\n	-w SECS		Network timeout"
34 //usage:     "\n	-H 'PROG ARGS'	Run connection helper. Examples:"
35 //usage:     "\n		openssl s_client -quiet -tls1 -starttls smtp -connect smtp.gmail.com:25"
36 //usage:     "\n		openssl s_client -quiet -tls1 -connect smtp.gmail.com:465"
37 //usage:     "\n			$SMTP_ANTISPAM_DELAY: seconds to wait after helper connect"
38 //usage:     "\n	-S HOST[:PORT]	Server (default $SMTPHOST or 127.0.0.1)"
39 //usage:     "\n	-amLOGIN	Log in using AUTH LOGIN (-amCRAM-MD5 not supported)"
40 //usage:     "\n	-auUSER		Username for AUTH"
41 //usage:     "\n	-apPASS 	Password for AUTH"
42 //usage:     "\n"
43 //usage:     "\nIf no -a options are given, authentication is not done."
44 //usage:     "\nIf -amLOGIN is given but no -au/-ap, user/password is read from fd #4."
45 //usage:     "\nOther options are silently ignored; -oi is implied."
46 //usage:	IF_MAKEMIME(
47 //usage:     "\nUse makemime to create emails with attachments."
48 //usage:	)
49
50 /* Currently we don't sanitize or escape user-supplied SENDER and RECIPIENT_EMAILs.
51  * We may need to do so. For one, '.' in usernames seems to require escaping!
52  *
53  * From http://cr.yp.to/smtp/address.html:
54  *
55  * SMTP offers three ways to encode a character inside an address:
56  *
57  * "safe": the character, if it is not <>()[].,;:@, backslash,
58  *  double-quote, space, or an ASCII control character;
59  * "quoted": the character, if it is not \012, \015, backslash,
60  *   or double-quote; or
61  * "slashed": backslash followed by the character.
62  *
63  * An encoded box part is either (1) a sequence of one or more slashed
64  * or safe characters or (2) a double quote, a sequence of zero or more
65  * slashed or quoted characters, and a double quote. It represents
66  * the concatenation of the characters encoded inside it.
67  *
68  * For example, the encoded box parts
69  *	angels
70  *	\a\n\g\e\l\s
71  *	"\a\n\g\e\l\s"
72  *	"angels"
73  *	"ang\els"
74  * all represent the 6-byte string "angels", and the encoded box parts
75  *	a\,comma
76  *	\a\,\c\o\m\m\a
77  *	"a,comma"
78  * all represent the 7-byte string "a,comma".
79  *
80  * An encoded address contains
81  *	the byte <;
82  *	optionally, a route followed by a colon;
83  *	an encoded box part, the byte @, and a domain; and
84  *	the byte >.
85  *
86  * It represents an Internet mail address, given by concatenating
87  * the string represented by the encoded box part, the byte @,
88  * and the domain. For example, the encoded addresses
89  *     <God@heaven.af.mil>
90  *     <\God@heaven.af.mil>
91  *     <"God"@heaven.af.mil>
92  *     <@gateway.af.mil,@uucp.local:"\G\o\d"@heaven.af.mil>
93  * all represent the Internet mail address "God@heaven.af.mil".
94  */
95
96 #include "libbb.h"
97 #include "mail.h"
98
99 // limit maximum allowed number of headers to prevent overflows.
100 // set to 0 to not limit
101 #define MAX_HEADERS 256
102
103 static void send_r_n(const char *s)
104 {
105 	if (verbose)
106 		bb_error_msg("send:'%s'", s);
107 	printf("%s\r\n", s);
108 }
109
110 static int smtp_checkp(const char *fmt, const char *param, int code)
111 {
112 	char *answer;
113 	char *msg = send_mail_command(fmt, param);
114 	// read stdin
115 	// if the string has a form NNN- -- read next string. E.g. EHLO response
116 	// parse first bytes to a number
117 	// if code = -1 then just return this number
118 	// if code != -1 then checks whether the number equals the code
119 	// if not equal -> die saying msg
120 	while ((answer = xmalloc_fgetline(stdin)) != NULL) {
121 		if (verbose)
122 			bb_error_msg("recv:'%.*s'", (int)(strchrnul(answer, '\r') - answer), answer);
123 		if (strlen(answer) <= 3 || '-' != answer[3])
124 			break;
125 		free(answer);
126 	}
127 	if (answer) {
128 		int n = atoi(answer);
129 		if (timeout)
130 			alarm(0);
131 		free(answer);
132 		if (-1 == code || n == code) {
133 			free(msg);
134 			return n;
135 		}
136 	}
137 	bb_error_msg_and_die("%s failed", msg);
138 }
139
140 static int smtp_check(const char *fmt, int code)
141 {
142 	return smtp_checkp(fmt, NULL, code);
143 }
144
145 // strip argument of bad chars
146 static char *sane_address(char *str)
147 {
148 	char *s;
149
150 	trim(str);
151 	s = str;
152 	while (*s) {
153 		if (!isalnum(*s) && !strchr("_-.@", *s)) {
154 			bb_error_msg("bad address '%s'", str);
155 			/* returning "": */
156 			str[0] = '\0';
157 			return str;
158 		}
159 		s++;
160 	}
161 	return str;
162 }
163
164 // check for an address inside angle brackets, if not found fall back to normal
165 static char *angle_address(char *str)
166 {
167 	char *s, *e;
168
169 	trim(str);
170 	e = last_char_is(str, '>');
171 	if (e) {
172 		s = strrchr(str, '<');
173 		if (s) {
174 			*e = '\0';
175 			str = s + 1;
176 		}
177 	}
178 	return sane_address(str);
179 }
180
181 static void rcptto(const char *s)
182 {
183 	if (!*s)
184 		return;
185 	// N.B. we don't die if recipient is rejected, for the other recipients may be accepted
186 	if (250 != smtp_checkp("RCPT TO:<%s>", s, -1))
187 		bb_error_msg("Bad recipient: <%s>", s);
188 }
189
190 // send to a list of comma separated addresses
191 static void rcptto_list(const char *list)
192 {
193 	char *str = xstrdup(list);
194 	char *s = str;
195 	char prev = 0;
196 	int in_quote = 0;
197
198 	while (*s) {
199 		char ch = *s++;
200
201 		if (ch == '"' && prev != '\\') {
202 			in_quote = !in_quote;
203 		} else if (!in_quote && ch == ',') {
204 			s[-1] = '\0';
205 			rcptto(angle_address(str));
206 			str = s;
207 		}
208 		prev = ch;
209 	}
210 	if (prev != ',')
211 		rcptto(angle_address(str));
212 	free(str);
213 }
214
215 int sendmail_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
216 int sendmail_main(int argc UNUSED_PARAM, char **argv)
217 {
218 	char *opt_connect;
219 	char *opt_from = NULL;
220 	char *s;
221 	llist_t *list = NULL;
222 	char *host = sane_address(safe_gethostname());
223 	unsigned nheaders = 0;
224 	int code;
225 	enum {
226 		HDR_OTHER = 0,
227 		HDR_TOCC,
228 		HDR_BCC,
229 	} last_hdr = 0;
230 	int check_hdr;
231 	int has_to = 0;
232
233 	enum {
234 	//--- standard options
235 		OPT_t = 1 << 0,         // read message for recipients, append them to those on cmdline
236 		OPT_f = 1 << 1,         // sender address
237 		OPT_o = 1 << 2,         // various options. -oi IMPLIED! others are IGNORED!
238 		OPT_i = 1 << 3,         // IMPLIED!
239 	//--- BB specific options
240 		OPT_w = 1 << 4,         // network timeout
241 		OPT_H = 1 << 5,         // use external connection helper
242 		OPT_S = 1 << 6,         // specify connection string
243 		OPT_a = 1 << 7,         // authentication tokens
244 		OPT_v = 1 << 8,         // verbosity
245 	};
246
247 	// init global variables
248 	INIT_G();
249
250 	// default HOST[:PORT] is $SMTPHOST, or localhost
251 	opt_connect = getenv("SMTPHOST");
252 	if (!opt_connect)
253 		opt_connect = (char *)"127.0.0.1";
254
255 	// save initial stdin since body is piped!
256 	xdup2(STDIN_FILENO, 3);
257 	G.fp0 = xfdopen_for_read(3);
258
259 	// parse options
260 	// -v is a counter, -H and -S are mutually exclusive, -a is a list
261 	opt_complementary = "vv:H--S:S--H";
262 	// N.B. since -H and -S are mutually exclusive they do not interfere in opt_connect
263 	// -a is for ssmtp (http://downloads.openwrt.org/people/nico/man/man8/ssmtp.8.html) compatibility,
264 	// it is still under development.
265 	opts = getopt32(argv, "tf:o:iw:+H:S:a:*:v", &opt_from, NULL,
266 			&timeout, &opt_connect, &opt_connect, &list, &verbose);
267 	//argc -= optind;
268 	argv += optind;
269
270 	// process -a[upm]<token> options
271 	if ((opts & OPT_a) && !list)
272 		bb_show_usage();
273 	while (list) {
274 		char *a = (char *) llist_pop(&list);
275 		if ('u' == a[0])
276 			G.user = xstrdup(a+1);
277 		if ('p' == a[0])
278 			G.pass = xstrdup(a+1);
279 		// N.B. we support only AUTH LOGIN so far
280 		//if ('m' == a[0])
281 		//	G.method = xstrdup(a+1);
282 	}
283 	// N.B. list == NULL here
284 	//bb_error_msg("OPT[%x] AU[%s], AP[%s], AM[%s], ARGV[%s]", opts, au, ap, am, *argv);
285
286 	// connect to server
287
288 	// connection helper ordered? ->
289 	if (opts & OPT_H) {
290 		const char *delay;
291 		const char *args[] = { "sh", "-c", opt_connect, NULL };
292 		// plug it in
293 		launch_helper(args);
294 		// Now:
295 		// our stdout will go to helper's stdin,
296 		// helper's stdout will be available on our stdin.
297
298 		// Wait for initial server message.
299 		// If helper (such as openssl) invokes STARTTLS, the initial 220
300 		// is swallowed by helper (and not repeated after TLS is initiated).
301 		// We will send NOOP cmd to server and check the response.
302 		// We should get 220+250 on plain connection, 250 on STARTTLSed session.
303 		//
304 		// The problem here is some servers delay initial 220 message,
305 		// and consider client to be a spammer if it starts sending cmds
306 		// before 220 reached it. The code below is unsafe in this regard:
307 		// in non-STARTTLSed case, we potentially send NOOP before 220
308 		// is sent by server.
309 		//
310 		// If $SMTP_ANTISPAM_DELAY is set, we pause before sending NOOP.
311 		//
312 		delay = getenv("SMTP_ANTISPAM_DELAY");
313 		if (delay)
314 			sleep(atoi(delay));
315 		code = smtp_check("NOOP", -1);
316 		if (code == 220)
317 			// we got 220 - this is not STARTTLSed connection,
318 			// eat 250 response to our NOOP
319 			smtp_check(NULL, 250);
320 		else
321 		if (code != 250)
322 			bb_error_msg_and_die("SMTP init failed");
323 	} else {
324 		// vanilla connection
325 		int fd;
326 		fd = create_and_connect_stream_or_die(opt_connect, 25);
327 		// and make ourselves a simple IO filter
328 		xmove_fd(fd, STDIN_FILENO);
329 		xdup2(STDIN_FILENO, STDOUT_FILENO);
330
331 		// Wait for initial server 220 message
332 		smtp_check(NULL, 220);
333 	}
334
335 	// we should start with modern EHLO
336 	if (250 != smtp_checkp("EHLO %s", host, -1))
337 		smtp_checkp("HELO %s", host, 250);
338
339 	// perform authentication
340 	if (opts & OPT_a) {
341 		smtp_check("AUTH LOGIN", 334);
342 		// we must read credentials unless they are given via -a[up] options
343 		if (!G.user || !G.pass)
344 			get_cred_or_die(4);
345 		encode_base64(NULL, G.user, NULL);
346 		smtp_check("", 334);
347 		encode_base64(NULL, G.pass, NULL);
348 		smtp_check("", 235);
349 	}
350
351 	// set sender
352 	// N.B. we have here a very loosely defined algorythm
353 	// since sendmail historically offers no means to specify secrets on cmdline.
354 	// 1) server can require no authentication ->
355 	//	we must just provide a (possibly fake) reply address.
356 	// 2) server can require AUTH ->
357 	//	we must provide valid username and password along with a (possibly fake) reply address.
358 	//	For the sake of security username and password are to be read either from console or from a secured file.
359 	//	Since reading from console may defeat usability, the solution is either to read from a predefined
360 	//	file descriptor (e.g. 4), or again from a secured file.
361
362 	// got no sender address? use auth name, then UID username as a last resort
363 	if (!opt_from) {
364 		opt_from = xasprintf("%s@%s",
365 		                     G.user ? G.user : xuid2uname(getuid()),
366 		                     xgethostbyname(host)->h_name);
367 	}
368 	free(host);
369
370 	smtp_checkp("MAIL FROM:<%s>", opt_from, 250);
371
372 	// process message
373
374 	// read recipients from message and add them to those given on cmdline.
375 	// this means we scan stdin for To:, Cc:, Bcc: lines until an empty line
376 	// and then use the rest of stdin as message body
377 	code = 0; // set "analyze headers" mode
378 	while ((s = xmalloc_fgetline(G.fp0)) != NULL) {
379  dump:
380 		// put message lines doubling leading dots
381 		if (code) {
382 			// escape leading dots
383 			// N.B. this feature is implied even if no -i (-oi) switch given
384 			// N.B. we need to escape the leading dot regardless of
385 			// whether it is single or not character on the line
386 			if ('.' == s[0] /*&& '\0' == s[1] */)
387 				bb_putchar('.');
388 			// dump read line
389 			send_r_n(s);
390 			free(s);
391 			continue;
392 		}
393
394 		// analyze headers
395 		// To: or Cc: headers add recipients
396 		check_hdr = (0 == strncasecmp("To:", s, 3));
397 		has_to |= check_hdr;
398 		if (opts & OPT_t) {
399 			if (check_hdr || 0 == strncasecmp("Bcc:" + 1, s, 3)) {
400 				rcptto_list(s+3);
401 				last_hdr = HDR_TOCC;
402 				goto addheader;
403 			}
404 			// Bcc: header adds blind copy (hidden) recipient
405 			if (0 == strncasecmp("Bcc:", s, 4)) {
406 				rcptto_list(s+4);
407 				free(s);
408 				last_hdr = HDR_BCC;
409 				continue; // N.B. Bcc: vanishes from headers!
410 			}
411 		}
412 		check_hdr = (list && isspace(s[0]));
413 		if (strchr(s, ':') || check_hdr) {
414 			// other headers go verbatim
415 			// N.B. RFC2822 2.2.3 "Long Header Fields" allows for headers to occupy several lines.
416 			// Continuation is denoted by prefixing additional lines with whitespace(s).
417 			// Thanks (stefan.seyfried at googlemail.com) for pointing this out.
418 			if (check_hdr && last_hdr != HDR_OTHER) {
419 				rcptto_list(s+1);
420 				if (last_hdr == HDR_BCC)
421 					continue;
422 					// N.B. Bcc: vanishes from headers!
423 			} else {
424 				last_hdr = HDR_OTHER;
425 			}
426  addheader:
427 			// N.B. we allow MAX_HEADERS generic headers at most to prevent attacks
428 			if (MAX_HEADERS && ++nheaders >= MAX_HEADERS)
429 				goto bail;
430 			llist_add_to_end(&list, s);
431 		} else {
432 			// a line without ":" (an empty line too, by definition) doesn't look like a valid header
433 			// so stop "analyze headers" mode
434  reenter:
435 			// put recipients specified on cmdline
436 			check_hdr = 1;
437 			while (*argv) {
438 				char *t = sane_address(*argv);
439 				rcptto(t);
440 				//if (MAX_HEADERS && ++nheaders >= MAX_HEADERS)
441 				//	goto bail;
442 				if (!has_to) {
443 					const char *hdr;
444
445 					if (check_hdr && argv[1])
446 						hdr = "To: %s,";
447 					else if (check_hdr)
448 						hdr = "To: %s";
449 					else if (argv[1])
450 						hdr = "To: %s," + 3;
451 					else
452 						hdr = "To: %s" + 3;
453 					llist_add_to_end(&list,
454 							xasprintf(hdr, t));
455 					check_hdr = 0;
456 				}
457 				argv++;
458 			}
459 			// enter "put message" mode
460 			// N.B. DATA fails iff no recipients were accepted (or even provided)
461 			// in this case just bail out gracefully
462 			if (354 != smtp_check("DATA", -1))
463 				goto bail;
464 			// dump the headers
465 			while (list) {
466 				send_r_n((char *) llist_pop(&list));
467 			}
468 			// stop analyzing headers
469 			code++;
470 			// N.B. !s means: we read nothing, and nothing to be read in the future.
471 			// just dump empty line and break the loop
472 			if (!s) {
473 				send_r_n("");
474 				break;
475 			}
476 			// go dump message body
477 			// N.B. "s" already contains the first non-header line, so pretend we read it from input
478 			goto dump;
479 		}
480 	}
481 	// odd case: we didn't stop "analyze headers" mode -> message body is empty. Reenter the loop
482 	// N.B. after reenter code will be > 0
483 	if (!code)
484 		goto reenter;
485
486 	// finalize the message
487 	smtp_check(".", 250);
488  bail:
489 	// ... and say goodbye
490 	smtp_check("QUIT", 221);
491 	// cleanup
492 	if (ENABLE_FEATURE_CLEAN_UP)
493 		fclose(G.fp0);
494
495 	return EXIT_SUCCESS;
496 }
497
1	/* vi: set sw=4 ts=4: */
2	/*
3	* bare bones sendmail
4	*
5	* Copyright (C) 2008 by Vladimir Dronnikov <dronnikov@gmail.com>
6	*
7	* Licensed under GPLv2, see file LICENSE in this source tree.
8	*/
9	//config:config SENDMAIL
10	//config: bool "sendmail"
11	//config: default y
12	//config: help
13	//config: Barebones sendmail.
14
15	//applet:IF_SENDMAIL(APPLET(sendmail, BB_DIR_USR_SBIN, BB_SUID_DROP))
16
17	//kbuild:lib-$(CONFIG_SENDMAIL) += sendmail.o mail.o
18
19	//usage:#define sendmail_trivial_usage
20	//usage: "[-tv] [-f SENDER] [-amLOGIN 4<user_pass.txt \| -auUSER -apPASS]"
21	//usage: "\n [-w SECS] [-H 'PROG ARGS' \| -S HOST] [RECIPIENT_EMAIL]..."
22	//usage:#define sendmail_full_usage "\n\n"
23	//usage: "Read email from stdin and send it\n"
24	//usage: "\nStandard options:"
25	//usage: "\n -t Read additional recipients from message body"
26	//usage: "\n -f SENDER For use in MAIL FROM:<sender>. Can be empty string"
27	//usage: "\n Default: -auUSER, or username of current UID"
28	//usage: "\n -o OPTIONS Various options. -oi implied, others are ignored"
29	//usage: "\n -i -oi synonym, implied and ignored"
30	//usage: "\n"
31	//usage: "\nBusybox specific options:"
32	//usage: "\n -v Verbose"
33	//usage: "\n -w SECS Network timeout"
34	//usage: "\n -H 'PROG ARGS' Run connection helper. Examples:"
35	//usage: "\n openssl s_client -quiet -tls1 -starttls smtp -connect smtp.gmail.com:25"
36	//usage: "\n openssl s_client -quiet -tls1 -connect smtp.gmail.com:465"
37	//usage: "\n $SMTP_ANTISPAM_DELAY: seconds to wait after helper connect"
38	//usage: "\n -S HOST[:PORT] Server (default $SMTPHOST or 127.0.0.1)"
39	//usage: "\n -amLOGIN Log in using AUTH LOGIN (-amCRAM-MD5 not supported)"
40	//usage: "\n -auUSER Username for AUTH"
41	//usage: "\n -apPASS Password for AUTH"
42	//usage: "\n"
43	//usage: "\nIf no -a options are given, authentication is not done."
44	//usage: "\nIf -amLOGIN is given but no -au/-ap, user/password is read from fd #4."
45	//usage: "\nOther options are silently ignored; -oi is implied."
46	//usage: IF_MAKEMIME(
47	//usage: "\nUse makemime to create emails with attachments."
48	//usage: )
49
50	/* Currently we don't sanitize or escape user-supplied SENDER and RECIPIENT_EMAILs.
51	* We may need to do so. For one, '.' in usernames seems to require escaping!
52	*
53	* From http://cr.yp.to/smtp/address.html:
54	*
55	* SMTP offers three ways to encode a character inside an address:
56	*
57	* "safe": the character, if it is not <>()[].,;:@, backslash,
58	* double-quote, space, or an ASCII control character;
59	* "quoted": the character, if it is not \012, \015, backslash,
60	* or double-quote; or
61	* "slashed": backslash followed by the character.
62	*
63	* An encoded box part is either (1) a sequence of one or more slashed
64	* or safe characters or (2) a double quote, a sequence of zero or more
65	* slashed or quoted characters, and a double quote. It represents
66	* the concatenation of the characters encoded inside it.
67	*
68	* For example, the encoded box parts
69	* angels
70	* \a\n\g\e\l\s
71	* "\a\n\g\e\l\s"
72	* "angels"
73	* "ang\els"
74	* all represent the 6-byte string "angels", and the encoded box parts
75	* a\,comma
76	* \a\,\c\o\m\m\a
77	* "a,comma"
78	* all represent the 7-byte string "a,comma".
79	*
80	* An encoded address contains
81	* the byte <;
82	* optionally, a route followed by a colon;
83	* an encoded box part, the byte @, and a domain; and
84	* the byte >.
85	*
86	* It represents an Internet mail address, given by concatenating
87	* the string represented by the encoded box part, the byte @,
88	* and the domain. For example, the encoded addresses
89	* <God@heaven.af.mil>
90	* <\God@heaven.af.mil>
91	* <"God"@heaven.af.mil>
92	* <@gateway.af.mil,@uucp.local:"\G\o\d"@heaven.af.mil>
93	* all represent the Internet mail address "God@heaven.af.mil".
94	*/
95
96	#include "libbb.h"
97	#include "mail.h"
98
99	// limit maximum allowed number of headers to prevent overflows.
100	// set to 0 to not limit
101	#define MAX_HEADERS 256
102
103	static void send_r_n(const char *s)
104	{
105	if (verbose)
106	bb_error_msg("send:'%s'", s);
107	printf("%s\r\n", s);
108	}
109
110	static int smtp_checkp(const char fmt, const char param, int code)
111	{
112	char *answer;
113	char *msg = send_mail_command(fmt, param);
114	// read stdin
115	// if the string has a form NNN- -- read next string. E.g. EHLO response
116	// parse first bytes to a number
117	// if code = -1 then just return this number
118	// if code != -1 then checks whether the number equals the code
119	// if not equal -> die saying msg
120	while ((answer = xmalloc_fgetline(stdin)) != NULL) {
121	if (verbose)
122	bb_error_msg("recv:'%.*s'", (int)(strchrnul(answer, '\r') - answer), answer);
123	if (strlen(answer) <= 3 \|\| '-' != answer[3])
124	break;
125	free(answer);
126	}
127	if (answer) {
128	int n = atoi(answer);
129	if (timeout)
130	alarm(0);
131	free(answer);
132	if (-1 == code \|\| n == code) {
133	free(msg);
134	return n;
135	}
136	}
137	bb_error_msg_and_die("%s failed", msg);
138	}
139
140	static int smtp_check(const char *fmt, int code)
141	{
142	return smtp_checkp(fmt, NULL, code);
143	}
144
145	// strip argument of bad chars
146	static char sane_address(char str)
147	{
148	char *s;
149
150	trim(str);
151	s = str;
152	while (*s) {
153	if (!isalnum(s) && !strchr("_-.@", s)) {
154	bb_error_msg("bad address '%s'", str);
155	/* returning "": */
156	str[0] = '\0';
157	return str;
158	}
159	s++;
160	}
161	return str;
162	}
163
164	// check for an address inside angle brackets, if not found fall back to normal
165	static char angle_address(char str)
166	{
167	char s, e;
168
169	trim(str);
170	e = last_char_is(str, '>');
171	if (e) {
172	s = strrchr(str, '<');
173	if (s) {
174	*e = '\0';
175	str = s + 1;
176	}
177	}
178	return sane_address(str);
179	}
180
181	static void rcptto(const char *s)
182	{
183	if (!*s)
184	return;
185	// N.B. we don't die if recipient is rejected, for the other recipients may be accepted
186	if (250 != smtp_checkp("RCPT TO:<%s>", s, -1))
187	bb_error_msg("Bad recipient: <%s>", s);
188	}
189
190	// send to a list of comma separated addresses
191	static void rcptto_list(const char *list)
192	{
193	char *str = xstrdup(list);
194	char *s = str;
195	char prev = 0;
196	int in_quote = 0;
197
198	while (*s) {
199	char ch = *s++;
200
201	if (ch == '"' && prev != '\\') {
202	in_quote = !in_quote;
203	} else if (!in_quote && ch == ',') {
204	s[-1] = '\0';
205	rcptto(angle_address(str));
206	str = s;
207	}
208	prev = ch;
209	}
210	if (prev != ',')
211	rcptto(angle_address(str));
212	free(str);
213	}
214
215	int sendmail_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
216	int sendmail_main(int argc UNUSED_PARAM, char **argv)
217	{
218	char *opt_connect;
219	char *opt_from = NULL;
220	char *s;
221	llist_t *list = NULL;
222	char *host = sane_address(safe_gethostname());
223	unsigned nheaders = 0;
224	int code;
225	enum {
226	HDR_OTHER = 0,
227	HDR_TOCC,
228	HDR_BCC,
229	} last_hdr = 0;
230	int check_hdr;
231	int has_to = 0;
232
233	enum {
234	//--- standard options
235	OPT_t = 1 << 0, // read message for recipients, append them to those on cmdline
236	OPT_f = 1 << 1, // sender address
237	OPT_o = 1 << 2, // various options. -oi IMPLIED! others are IGNORED!
238	OPT_i = 1 << 3, // IMPLIED!
239	//--- BB specific options
240	OPT_w = 1 << 4, // network timeout
241	OPT_H = 1 << 5, // use external connection helper
242	OPT_S = 1 << 6, // specify connection string
243	OPT_a = 1 << 7, // authentication tokens
244	OPT_v = 1 << 8, // verbosity
245	};
246
247	// init global variables
248	INIT_G();
249
250	// default HOST[:PORT] is $SMTPHOST, or localhost
251	opt_connect = getenv("SMTPHOST");
252	if (!opt_connect)
253	opt_connect = (char *)"127.0.0.1";
254
255	// save initial stdin since body is piped!
256	xdup2(STDIN_FILENO, 3);
257	G.fp0 = xfdopen_for_read(3);
258
259	// parse options
260	// -v is a counter, -H and -S are mutually exclusive, -a is a list
261	opt_complementary = "vv:H--S:S--H";
262	// N.B. since -H and -S are mutually exclusive they do not interfere in opt_connect
263	// -a is for ssmtp (http://downloads.openwrt.org/people/nico/man/man8/ssmtp.8.html) compatibility,
264	// it is still under development.
265	opts = getopt32(argv, "tf:o:iw:+H:S:a:*:v", &opt_from, NULL,
266	&timeout, &opt_connect, &opt_connect, &list, &verbose);
267	//argc -= optind;
268	argv += optind;
269
270	// process -a[upm]<token> options
271	if ((opts & OPT_a) && !list)
272	bb_show_usage();
273	while (list) {
274	char a = (char ) llist_pop(&list);
275	if ('u' == a[0])
276	G.user = xstrdup(a+1);
277	if ('p' == a[0])
278	G.pass = xstrdup(a+1);
279	// N.B. we support only AUTH LOGIN so far
280	//if ('m' == a[0])
281	// G.method = xstrdup(a+1);
282	}
283	// N.B. list == NULL here
284	//bb_error_msg("OPT[%x] AU[%s], AP[%s], AM[%s], ARGV[%s]", opts, au, ap, am, *argv);
285
286	// connect to server
287
288	// connection helper ordered? ->
289	if (opts & OPT_H) {
290	const char *delay;
291	const char *args[] = { "sh", "-c", opt_connect, NULL };
292	// plug it in
293	launch_helper(args);
294	// Now:
295	// our stdout will go to helper's stdin,
296	// helper's stdout will be available on our stdin.
297
298	// Wait for initial server message.
299	// If helper (such as openssl) invokes STARTTLS, the initial 220
300	// is swallowed by helper (and not repeated after TLS is initiated).
301	// We will send NOOP cmd to server and check the response.
302	// We should get 220+250 on plain connection, 250 on STARTTLSed session.
303	//
304	// The problem here is some servers delay initial 220 message,
305	// and consider client to be a spammer if it starts sending cmds
306	// before 220 reached it. The code below is unsafe in this regard:
307	// in non-STARTTLSed case, we potentially send NOOP before 220
308	// is sent by server.
309	//
310	// If $SMTP_ANTISPAM_DELAY is set, we pause before sending NOOP.
311	//
312	delay = getenv("SMTP_ANTISPAM_DELAY");
313	if (delay)
314	sleep(atoi(delay));
315	code = smtp_check("NOOP", -1);
316	if (code == 220)
317	// we got 220 - this is not STARTTLSed connection,
318	// eat 250 response to our NOOP
319	smtp_check(NULL, 250);
320	else
321	if (code != 250)
322	bb_error_msg_and_die("SMTP init failed");
323	} else {
324	// vanilla connection
325	int fd;
326	fd = create_and_connect_stream_or_die(opt_connect, 25);
327	// and make ourselves a simple IO filter
328	xmove_fd(fd, STDIN_FILENO);
329	xdup2(STDIN_FILENO, STDOUT_FILENO);
330
331	// Wait for initial server 220 message
332	smtp_check(NULL, 220);
333	}
334
335	// we should start with modern EHLO
336	if (250 != smtp_checkp("EHLO %s", host, -1))
337	smtp_checkp("HELO %s", host, 250);
338
339	// perform authentication
340	if (opts & OPT_a) {
341	smtp_check("AUTH LOGIN", 334);
342	// we must read credentials unless they are given via -a[up] options
343	if (!G.user \|\| !G.pass)
344	get_cred_or_die(4);
345	encode_base64(NULL, G.user, NULL);
346	smtp_check("", 334);
347	encode_base64(NULL, G.pass, NULL);
348	smtp_check("", 235);
349	}
350
351	// set sender
352	// N.B. we have here a very loosely defined algorythm
353	// since sendmail historically offers no means to specify secrets on cmdline.
354	// 1) server can require no authentication ->
355	// we must just provide a (possibly fake) reply address.
356	// 2) server can require AUTH ->
357	// we must provide valid username and password along with a (possibly fake) reply address.
358	// For the sake of security username and password are to be read either from console or from a secured file.
359	// Since reading from console may defeat usability, the solution is either to read from a predefined
360	// file descriptor (e.g. 4), or again from a secured file.
361
362	// got no sender address? use auth name, then UID username as a last resort
363	if (!opt_from) {
364	opt_from = xasprintf("%s@%s",
365	G.user ? G.user : xuid2uname(getuid()),
366	xgethostbyname(host)->h_name);
367	}
368	free(host);
369
370	smtp_checkp("MAIL FROM:<%s>", opt_from, 250);
371
372	// process message
373
374	// read recipients from message and add them to those given on cmdline.
375	// this means we scan stdin for To:, Cc:, Bcc: lines until an empty line
376	// and then use the rest of stdin as message body
377	code = 0; // set "analyze headers" mode
378	while ((s = xmalloc_fgetline(G.fp0)) != NULL) {
379	dump:
380	// put message lines doubling leading dots
381	if (code) {
382	// escape leading dots
383	// N.B. this feature is implied even if no -i (-oi) switch given
384	// N.B. we need to escape the leading dot regardless of
385	// whether it is single or not character on the line
386	if ('.' == s[0] /&& '\0' == s[1] /)
387	bb_putchar('.');
388	// dump read line
389	send_r_n(s);
390	free(s);
391	continue;
392	}
393
394	// analyze headers
395	// To: or Cc: headers add recipients
396	check_hdr = (0 == strncasecmp("To:", s, 3));
397	has_to \|= check_hdr;
398	if (opts & OPT_t) {
399	if (check_hdr \|\| 0 == strncasecmp("Bcc:" + 1, s, 3)) {
400	rcptto_list(s+3);
401	last_hdr = HDR_TOCC;
402	goto addheader;
403	}
404	// Bcc: header adds blind copy (hidden) recipient
405	if (0 == strncasecmp("Bcc:", s, 4)) {
406	rcptto_list(s+4);
407	free(s);
408	last_hdr = HDR_BCC;
409	continue; // N.B. Bcc: vanishes from headers!
410	}
411	}
412	check_hdr = (list && isspace(s[0]));
413	if (strchr(s, ':') \|\| check_hdr) {
414	// other headers go verbatim
415	// N.B. RFC2822 2.2.3 "Long Header Fields" allows for headers to occupy several lines.
416	// Continuation is denoted by prefixing additional lines with whitespace(s).
417	// Thanks (stefan.seyfried at googlemail.com) for pointing this out.
418	if (check_hdr && last_hdr != HDR_OTHER) {
419	rcptto_list(s+1);
420	if (last_hdr == HDR_BCC)
421	continue;
422	// N.B. Bcc: vanishes from headers!
423	} else {
424	last_hdr = HDR_OTHER;
425	}
426	addheader:
427	// N.B. we allow MAX_HEADERS generic headers at most to prevent attacks
428	if (MAX_HEADERS && ++nheaders >= MAX_HEADERS)
429	goto bail;
430	llist_add_to_end(&list, s);
431	} else {
432	// a line without ":" (an empty line too, by definition) doesn't look like a valid header
433	// so stop "analyze headers" mode
434	reenter:
435	// put recipients specified on cmdline
436	check_hdr = 1;
437	while (*argv) {
438	char t = sane_address(argv);
439	rcptto(t);
440	//if (MAX_HEADERS && ++nheaders >= MAX_HEADERS)
441	// goto bail;
442	if (!has_to) {
443	const char *hdr;
444
445	if (check_hdr && argv[1])
446	hdr = "To: %s,";
447	else if (check_hdr)
448	hdr = "To: %s";
449	else if (argv[1])
450	hdr = "To: %s," + 3;
451	else
452	hdr = "To: %s" + 3;
453	llist_add_to_end(&list,
454	xasprintf(hdr, t));
455	check_hdr = 0;
456	}
457	argv++;
458	}
459	// enter "put message" mode
460	// N.B. DATA fails iff no recipients were accepted (or even provided)
461	// in this case just bail out gracefully
462	if (354 != smtp_check("DATA", -1))
463	goto bail;
464	// dump the headers
465	while (list) {
466	send_r_n((char *) llist_pop(&list));
467	}
468	// stop analyzing headers
469	code++;
470	// N.B. !s means: we read nothing, and nothing to be read in the future.
471	// just dump empty line and break the loop
472	if (!s) {
473	send_r_n("");
474	break;
475	}
476	// go dump message body
477	// N.B. "s" already contains the first non-header line, so pretend we read it from input
478	goto dump;
479	}
480	}
481	// odd case: we didn't stop "analyze headers" mode -> message body is empty. Reenter the loop
482	// N.B. after reenter code will be > 0
483	if (!code)
484	goto reenter;
485
486	// finalize the message
487	smtp_check(".", 250);
488	bail:
489	// ... and say goodbye
490	smtp_check("QUIT", 221);
491	// cleanup
492	if (ENABLE_FEATURE_CLEAN_UP)
493	fclose(G.fp0);
494
495	return EXIT_SUCCESS;
496	}
497